media: uvcvideo: Fix access to uninitialized fields on probe error

We need to check whether this work we are canceling actually is
initialized.

Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+2e1ef9188251d9cc7944@syzkaller.appspotmail.com
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>

diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
index 26163a5bde7d823f0668e553a18a98f9c3bd512c..e399b9fad7574d80957fef967f6e8d94c6d47074 100644 (file)
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -2345,7 +2345,9 @@ void uvc_ctrl_cleanup_device(struct uvc_device *dev)
        struct uvc_entity *entity;
        unsigned int i;
 
-       cancel_work_sync(&dev->async_ctrl.work);
+       /* Can be uninitialized if we are aborting on probe error. */
+       if (dev->async_ctrl.work.func)
+               cancel_work_sync(&dev->async_ctrl.work);
 
        /* Free controls and control mappings for all entities. */
        list_for_each_entry(entity, &dev->entities, list) {